Re: [cryptography] Master Password

2012-06-28 Thread Maarten Billemont
On 30 May 2012, at 01:01, Maarten Billemont wrote: Dear readers, I've written an iOS / Mac application whose goal it is to produce passwords for any purpose. I was really hoping for the opportunity to receive some critical feedback or review of the algorithm used[1]. I'd like to thank

Re: [cryptography] Master Password

2012-06-07 Thread Steven Bellovin
On May 31, 2012, at 3:03 PM, Marsh Ray wrote: On 05/31/2012 11:28 AM, Nico Williams wrote: Yes, but note that one could address that with some assumptions, and with some techniques that one would reject when making a better hash -- the point is to be slow, More precisely, the point is

Re: [cryptography] Master Password

2012-06-07 Thread Nico Williams
On Thu, Jun 7, 2012 at 4:14 PM, Steven Bellovin s...@cs.columbia.edu wrote: There's another, completely different issue: does the attacker want a particular password, or will any passwords from a large set suffice? Given the availability of cheap cloud computing, botnets, GPUs, and botnets

Re: [cryptography] Master Password

2012-06-01 Thread Marsh Ray
On 05/31/2012 04:08 PM, Nico Williams wrote: On Thu, May 31, 2012 at 2:03 PM, Marsh Ray ma...@extendedsubset.com wrote: On 05/31/2012 11:28 AM, Nico Williams wrote: Yes, but note that one could address that with some assumptions, and with some techniques that one would reject when making a

Re: [cryptography] Master Password

2012-05-31 Thread Jon Callas
On May 30, 2012, at 4:28 AM, Maarten Billemont wrote: If I understand your point correctly, you're telling me that while scrypt might delay brute-force attacks on a user's master password, it's not terribly useful a defense against someone

Re: [cryptography] Master Password

2012-05-31 Thread Jon Callas
On May 30, 2012, at 12:59 PM, Nico Williams wrote: Are you saying that PBKDFs are just so much cargo cult now? No. PBKDF2 is what I suggest, actually. C.F. my entirely too long missive to Maarten that I just sent. Jon

Re: [cryptography] Master Password

2012-05-31 Thread Nico Williams
On Thu, May 31, 2012 at 2:03 AM, Jon Callas j...@callas.org wrote: On May 30, 2012, at 4:28 AM, Maarten Billemont wrote: If I understand your point correctly, you're telling me that while scrypt might delay brute-force attacks on a user's master password, it's not terribly useful a defense

Re: [cryptography] Master Password

2012-05-31 Thread Adam Back
Reminds me of Feb 2003 - Moderately Hard, Memory-bound Functions NDSS 03, Martin Abadi, Mike Burrows, Mark Manasse, and Ted Wobber. (cached at) http://hashcash.org/papers/memory-bound-ndss.pdf By Microsoft Research, but then when Exchange and Outlook added a computational cost function, for

Re: [cryptography] Master Password

2012-05-31 Thread Nico Williams
On Thu, May 31, 2012 at 10:43 AM, Adam Back a...@cypherspace.org wrote: One quite generic argument I could suggest for being wary of scrypt would be if someone said, hey here's my new hash function, use it instead of SHA1, it's better - you would and should be very wary.  A lot of public review

Re: [cryptography] Master Password

2012-05-31 Thread Marsh Ray
On 05/31/2012 11:28 AM, Nico Williams wrote: Yes, but note that one could address that with some assumptions, and with some techniques that one would reject when making a better hash -- the point is to be slow, More precisely, the point is to take a tunable amount of time with strong

Re: [cryptography] Master Password

2012-05-31 Thread Nico Williams
On Thu, May 31, 2012 at 2:03 PM, Marsh Ray ma...@extendedsubset.com wrote: On 05/31/2012 11:28 AM, Nico Williams wrote: Yes, but note that one could address that with some assumptions, and with some techniques that one would reject when making a better hash -- the point is to be slow, [...]

Re: [cryptography] Master Password

2012-05-30 Thread Maarten Billemont
On 30 May 2012, at 02:49, Jonathan Thornburg wrote: On Wed, 30 May 2012, Maarten Billemont wrote: Master Password is different in that it generates passwords based purely off of a user's master password and the name of the site. Is there a provision to rollover the master password

Re: [cryptography] Master Password

2012-05-30 Thread Jon Callas
Your algorithm is basically okay, but there are a couple of errors you've made, things you and I will disagree over, and one flaw that I consider to wreck the whole thing. But all of the problems are correctable, easily. If I have not understood

Re: [cryptography] Master Password

2012-05-30 Thread Maarten Billemont
First of all, thanks for your time and very valuable feedback. On 30 May 2012, at 07:20, Marsh Ray wrote: On 05/29/2012 06:01 PM, Maarten Billemont wrote: Dear readers, I've written an iOS / Mac application whose goal it is to produce passwords for any purpose. I was really hoping for the

Re: [cryptography] Master Password

2012-05-30 Thread Kyle Creyts
I would hazard a guess that this system would stand up well against mass attacks, at the very least making them much less economically desirable or feasible for attackers who benefit most from password dumps. Most architectures fail in single cases, anyway, due to poor user awareness, poor user

Re: [cryptography] Master Password

2012-05-30 Thread Kyle Creyts
Which is not to say that I find the single case, or cryptographic strength to be superior to other systems. But it certainly complicates the job of an attacker seeking to exploit large numbers of passwords, or cross-service password reuse. Imperfect, but not a terrible step. On Wed, May 30, 2012

Re: [cryptography] Master Password

2012-05-30 Thread Maarten Billemont
Thanks a lot, Jon, for taking the time and sharing your thoughts. On 30 May 2012, at 09:32, Jon Callas wrote: Your algorithm is basically okay, but there are a couple of errors you've made, things you and I will disagree over, and one flaw that I consider to wreck the whole thing. But all of

Re: [cryptography] Master Password

2012-05-30 Thread Jonathan Thornburg
You're right, sharing of master passwords is a bad idea. But given human nature, it happens, and a security system needs to take that into account. There are also a lot of other ways a master password can be compromised and thus need rolling over, e.g. shoulder-surfing, virus keyloggers, theft

Re: [cryptography] Master Password

2012-05-30 Thread Maarten Billemont
On 30 May 2012, at 15:09, Jonathan Thornburg wrote: You're right, sharing of master passwords is a bad idea. But given human nature, it happens, and a security system needs to take that into account. There are also a lot of other ways a master password can be compromised and thus need

Re: [cryptography] Master Password

2012-05-30 Thread Steven Bellovin
On May 29, 2012, at 7:01 22PM, Maarten Billemont wrote: Dear readers, I've written an iOS / Mac application whose goal it is to produce passwords for any purpose. I was really hoping for the opportunity to receive some critical feedback or review of the algorithm used[1]. -- ABOUT

Re: [cryptography] Master Password

2012-05-30 Thread Maarten Billemont
On 30 May 2012, at 16:26, Wyss, Felix wrote: What about including a random salt when generating the key from the master password? The application could either generate the salt for you on first use (and recommend writing it down and keeping in a safe place) or allow entering an existing

Re: [cryptography] Master Password

2012-05-30 Thread Charles Morris
On Wed, May 30, 2012 at 9:57 AM, Steven Bellovin s...@cs.columbia.edu wrote: On May 29, 2012, at 7:01 22PM, Maarten Billemont wrote: Dear readers, I've written an iOS / Mac application whose goal it is to produce passwords for any purpose.  I was really hoping for the opportunity to

Re: [cryptography] Master Password

2012-05-30 Thread Marsh Ray
On 05/30/2012 04:06 AM, Maarten Billemont wrote: First of all, thanks for your time and very valuable feedback. On 30 May 2012, at 07:20, Marsh Ray wrote: On 05/29/2012 06:01 PM, Maarten Billemont wrote: Initially, my recommendation for a master password was to use a sufficiently-random

Re: [cryptography] Master Password

2012-05-30 Thread Nico Williams
On Wed, May 30, 2012 at 2:32 AM, Jon Callas j...@callas.org wrote: (1) You take the master password and run it through a 512-bit hash function, producing master binary secret. You pick scrypt for your hash function, because you think burning time and space adds to security. I do not. This

Re: [cryptography] Master Password

2012-05-30 Thread Nico Williams
On Wed, May 30, 2012 at 3:25 PM, Maarten Billemont lhun...@lyndir.com wrote: I'm currently considering asking the user for their full name and using that as a salt in the scrypt operation.  Full names are often lengthy and there's a good deal of them.  Do you reckon this might introduce enough

Re: [cryptography] Master Password

2012-05-30 Thread Eitan Adler
On 30 May 2012 13:25, Maarten Billemont lhun...@lyndir.com wrote: On 30 May 2012, at 22:17, Marsh Ray wrote: On 05/30/2012 02:59 PM, Nico Williams wrote: This is why salting is important.  They should not be able to build a single rainbow table that works for all cases. In order to be

Re: [cryptography] Master Password

2012-05-30 Thread Jonathan Thornburg
On Wed, 30 May 2012, Maarten Billemont wrote: I'm currently considering asking the user for their full name and using that as a salt in the scrypt operation. [[...]] Digressing slightly from crypto, note that full name is not as tidy or trouble-free a concept as one might think. It's

Re: [cryptography] Master Password

2012-05-30 Thread Maarten Billemont
I'm going to attempt to summarize/rehash the comments I've found have a significant relevance to the quality of the algorithm. I've had a lot of great feedback, which I'm tremendously thankful for. My apologies in advance for any important aspects that any of you have highlighted if I forget

Re: [cryptography] Master Password

2012-05-29 Thread Marsh Ray
On 05/29/2012 06:01 PM, Maarten Billemont wrote: Dear readers, I've written an iOS / Mac application whose goal it is to produce passwords for any purpose. I was really hoping for the opportunity to receive some critical feedback or review of the algorithm used[1]. [1]